[E&A] More fixes.

Author: szabosteve

explore-analyze/alerts-cases/alerts/alerting-setup.md

@@ -6,7 +6,7 @@ mapped_pages:
 
 # Set up [alerting-setup]
 
-{{kib}} {alert-features} are automatically enabled, but might require some additional configuration.
+{{kib}} {{alert-features}} are automatically enabled, but might require some additional configuration.
 
 ## Prerequisites [alerting-prerequisites]
 

explore-analyze/alerts-cases/alerts/alerting-troubleshooting.md

@@ -188,7 +188,7 @@ This approach should be used only temporarily as a last resort to restore functi
 
 ## Limitations [alerting-limitations]
 
-The following limitations and known problems apply to the 9.0.0-beta1 release of the {{kib}} {alert-features}:
+The following limitations and known problems apply to the 9.0.0-beta1 release of the {{kib}} {{alert-features}}:
 
 ### Alert visibility [_alert_visibility]
 

explore-analyze/alerts-cases/alerts/event-log-index.md

@@ -16,7 +16,7 @@ Use the event log index to determine:
 * Additional information about errors when the rule ran
 * Run durations for the rules and actions
 
-## Example event log queries [_example_event_log_queries] 
+## Example event log queries [_example_event_log_queries]
 
 The following event log query looks at all events related to a specific rule id:
 

explore-analyze/alerts-cases/alerts/maintenance-windows.md

@@ -6,11 +6,63 @@ mapped_urls:
 
 # Maintenance windows
 
-% What needs to be done: Align serverless/stateful
+This content applies to: [![Observability](../../../images/serverless-obs-badge.svg "")](../../../solutions/observability.md) [![Security](../../../images/serverless-sec-badge.svg "")](../../../solutions/security/elastic-security-serverless.md)
 
-% Scope notes: Merge these two pages
 
-% Use migrated content from existing pages that map to this page:
+::::{warning}
+This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
+::::
 
-% - [ ] ./raw-migrated-files/kibana/kibana/maintenance-windows.md
-% - [ ] ./raw-migrated-files/docs-content/serverless/maintenance-windows.md
+You can schedule single or recurring maintenance windows to temporarily reduce rule notifications. For example, a maintenance window prevents false alarms during planned outages.
+
+By default, a maintenance window affects all rules in all {{kib}} apps within its space. You can refine the scope of a maintenance window by adding filters and rule categories.
+
+Alerts continue to be generated, however notifications are suppressed as follows:
+
+* When an alert occurs during a maintenance window, there are no notifications. When the alert recovers, there are no notifications—​even if the recovery occurs after the maintenance window ends.
+* When an alert occurs before a maintenance window and recovers during or after the maintenance window, notifications are sent as usual.
+
+## Configure access to maintenance windows [setup-maintenance-windows]
+
+To use maintenance windows, you must have the appropriate [subscription](https://www.elastic.co/subscriptions) and {{kib}} feature privileges.
+
+* To have full access to maintenance windows, you must have `All` privileges for the **Management > Maintenance Windows** feature.
+* To have view-only access to maintenance windows, you must have `Read` privileges for the **Management > Maintenance Windows** feature.
+
+For more details, refer to [{{kib}} privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md).
+
+## Create and manange maintenance windows [manage-maintenance-windows]
+
+In **Management > {{stack-manage-app}} > Maintenance Windows** or **{{project-settings}} > {{manage-app}} > {{maint-windows-app}}** in Serverless, you can create, edit, and archive maintenance windows.
+
+When you create a maintenance window, you must provide a name and a schedule. You can optionally configure it to repeat daily, monthly, yearly, or on a custom interval.
+
+:::{image} ../../../images/kibana-create-maintenance-window.png
+:alt: The Create Maintenance Window user interface in {kib}
+:class: screenshot
+:::
+
+By default, maintenance windows affect all categories of rules. The category-specific maintenance window options alter this behavior. For the definitive list of rule types in each category, refer to the [get rule types API](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-alerting).
+
+If you turn on **Filter alerts**, you can use KQL to filter the alerts affected by the maintenance window:
+
+:::{image} ../../../images/kibana-create-maintenance-window-filter.png
+:alt: The Create Maintenance Window user interface in {{kib}} with alert filters turned on
+:class: screenshot
+:::
+
+::::{note}
+
+* You can select only a single category when you turn on filters.
+* Some rules are not affected by maintenance window filters because their alerts do not contain requisite data. In particular, [{{stack-monitor-app}}](../../../deploy-manage/monitor/monitoring-data/kibana-alerts.md), [tracking containment](../../../explore-analyze/alerts-cases/alerts/geo-alerting.md), [{{anomaly-jobs}} health](../../../explore-analyze/machine-learning/anomaly-detection/ml-configuring-alerts.md), and [transform health](../../../explore-analyze/transforms/transform-alerts.md) rules are not affected by the filters.
+
+::::
+
+A maintenance window can have any one of the following statuses:
+
+* `Upcoming`: It will run at the scheduled date and time.
+* `Running`: It is running.
+* `Finished`: It ended and does not have a repeat schedule.
+* `Archived`: It is archived. In a future release, archived maintenance windows will be queued for deletion.
+
+When you [view alert details](../../../explore-analyze/alerts-cases/alerts/create-manage-rules.md#rule-details) in {{kib}}, each alert shows unique identifiers for maintenance windows that affected it.

explore-analyze/alerts-cases/alerts/rule-type-index-threshold.md

@@ -87,61 +87,54 @@ In this example, you will use the {{kib}} [sample weblog data set](https://www.e
 
     1. Provide a rule name.
     2. Select an index. Click **Index**, and set **Indices to query** to `kibana_sample_data_logs`. Set the **Time field** to `@timestamp`.
-
-        :::{image} ../../../images/kibana-rule-types-index-threshold-example-index.png
-        :alt: Choosing an index
-        :class: screenshot
-        :::
+       :::{image} ../../../images/kibana-rule-types-index-threshold-example-index.png
+       :alt: Choosing an index
+       :class: screenshot
+       :::
 
     3. To detect the number of bytes served during the time window, click **When** and select `sum` as the aggregation, and `bytes` as the field to aggregate.
-
-        :::{image} ../../../images/kibana-rule-types-index-threshold-example-aggregation.png
-        :alt: Choosing the aggregation
-        :class: screenshot
-        :::
+       :::{image} ../../../images/kibana-rule-types-index-threshold-example-aggregation.png
+       :alt: Choosing the aggregation
+       :class: screenshot
+       :::
 
     4. To detect the four sites that have the most traffic, click **Over** and select `top`, enter `4`, and select `host.keyword` as the field.
-
-        :::{image} ../../../images/kibana-rule-types-index-threshold-example-grouping.png
-        :alt: Choosing the groups
-        :class: screenshot
-        :::
+       :::{image} ../../../images/kibana-rule-types-index-threshold-example-grouping.png
+       :alt: Choosing the groups
+       :class: screenshot
+       :::
 
     5. To trigger the rule when any of the top four sites exceeds 420,000 bytes over a 24 hour period, select `is above` and enter `420000`. Then click **For the last**, enter `24`, and select `hours`.
-
-        :::{image} ../../../images/kibana-rule-types-index-threshold-example-threshold.png
-        :alt: Setting the threshold
-        :class: screenshot
-        :::
+       :::{image} ../../../images/kibana-rule-types-index-threshold-example-threshold.png
+       :alt: Setting the threshold
+       :class: screenshot
+       :::
 
     6. Schedule the rule to check every four hours.
-
-        :::{image} ../../../images/kibana-rule-types-index-threshold-example-preview.png
-        :alt: Setting the check interval
-        :class: screenshot
-        :::
+       :::{image} ../../../images/kibana-rule-types-index-threshold-example-preview.png
+       :alt: Setting the check interval
+       :class: screenshot
+       :::
 
         The preview chart will render showing the 24 hour sum of bytes at 4 hours intervals for the past 120 hours (the last 30 intervals).
 
     7. Change the time window and observe the effect it has on the chart. Compare a 24 window to a 12 hour window. Notice the variability in the sum of bytes, due to different traffic levels during the day compared to at night. This variability would result in noisy rules, so the 24 hour window is better. The preview chart can help you find the right values for your rule.
     8. Define the actions for your rule.
 
         You can add one or more actions to your rule to generate notifications when its conditions are met and when they are no longer met. For each action, you must select a connector, set the action frequency, and compose the notification details. For example, add an action that uses a server log connector to write an entry to the Kibana server log:
-
-        :::{image} ../../../images/kibana-rule-types-index-threshold-example-action.png
-        :alt: Add an action to the rule
-        :class: screenshot
-        :::
+       :::{image} ../../../images/kibana-rule-types-index-threshold-example-action.png
+       :alt: Add an action to the rule
+       :class: screenshot
+       :::
 
         The unique action variables that you can use in the notification are listed in [Add action variables](#action-variables-index-threshold). For more information, refer to [Actions](create-manage-rules.md#defining-rules-actions-details) and [*Connectors*](../../../deploy-manage/manage-connectors.md).
 
     9. Save the rule.
 
 3. Find the rule and view its details in **{{stack-manage-app}} > {{rules-ui}}**. For example, you can see the status of the rule and its alerts:
-
-    :::{image} ../../../images/kibana-rule-types-index-threshold-example-alerts.png
-    :alt: View the list of alerts for the rule
-    :class: screenshot
-    :::
+   :::{image} ../../../images/kibana-rule-types-index-threshold-example-alerts.png
+   :alt: View the list of alerts for the rule
+   :class: screenshot
+   :::
 
 4. Delete or disable this example rule when it’s no longer useful. In the detailed rule view, select **Delete rule** from the actions menu.

raw-migrated-files/docs-content/serverless/maintenance-windows.md

@@ -303,7 +303,6 @@ toc:
       - file: docs-content/serverless/ingest-third-party-cloud-security-data.md
       - file: docs-content/serverless/ingest-wiz-data.md
       - file: docs-content/serverless/intro.md
-      - file: docs-content/serverless/maintenance-windows.md
       - file: docs-content/serverless/monitor-k8s-otel-edot.md
       - file: docs-content/serverless/observability-add-logs-service-name.md
       - file: docs-content/serverless/observability-aggregationOptions.md
@@ -678,7 +677,6 @@ toc:
       - file: kibana/kibana/kibana-concepts-analysts.md
       - file: kibana/kibana/kibana-role-management.md
       - file: kibana/kibana/logging-settings.md
-      - file: kibana/kibana/maintenance-windows.md
       - file: kibana/kibana/management.md
       - file: kibana/kibana/osquery.md
       - file: kibana/kibana/playground.md